Microsoft Debugger, anyone using it?

[Wannabe]

It seems all with a bit knowhow are using SoftIce as their default debugger. Anyone using Microsoft Debugger, and what are the biggest differences between them?
Is there a situation where one could get better off with MS stuff?
And just of curiosity, the symboltables one can download for each MS OS seems big, I guess they contain more than just the exports for the system level dlls?

Latest: Just wanted to thank all of you who responded to my question, I now know which debugger to use

[JMI]

You will find useful reading by doing a simple search with something like;

softice vs. windbg

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=softice+vs+windbg

Perhaps you need some more "general" knowledge about debuggers and ring0 and ring3 for general understanding of why someone might chose one debugger over another in certain circumstances and depending on what they are doing.

Regards,

The reason so many use Softice, and why it's overrated, is because back in the day 1997-2001, that's what all the tutorials were based on. just read any of tuts, and they will all involve Softice and Hmemcpy.

One tut after the other, softice and Hmemcpy.... softice hmemcpy... softice hmemcpy...

[bilbo]

Quote:

the symboltables one can download for each MS OS seems big, I guess they contain more than just the exports for the system level dlls?

You're right, Wannabe, explore them with the tool you can download from http://pdpdump.sourceforge.net: you will find a lot of interesting things!

Regards, bilbo

edited: sorry, mates, PDP has gone, old hobbit is not fast enough to forget it!. Correct link is http://pdbdump.sourceforge.net. By the way, it is a project by Andrew de Quincey, a great reverser! Regards

[JMI]

Boy those Hobbits are fast. They can go from one side of the world to the other in just moments. (warning, warning: EXCEPTION_DEBUG_EVENT.) You know what I mean.

Regards,

I am afraid that I am one of the poor men using Micro$oft Debugger, because most of my tasks are programming oriented ...

For developing drivers or reverse engineering, SoftICE or OllyDbg might be better, since they are binary oriented; I dunno if there is other feature that I have missed ...

Micro$oft Debugger does not have enough features for a cracker, like the memory search in SoftICE, so unless you can kick it go, or use the remote debug feature to debug the kernel of WinXP/2k etc, you may find it almost useless ...

I have used MS windbg. I didn't use SoftICE because it has some problems
with my mouse and freezes easily. I only used windbg for user mode app
debugging, not kd or kernel/driver debugging.

One good thing is that windbg can handle large size executables, like 50MB.
Its short cut keys are also the same as VisualStudio (a convenience for me).
It has all the basic stuff and interface is OK. Not so great but suits my need.

[ssb]

Latest WinDBG isn't that bad for regular debuging.
It can compete Olly in size, speed and features though.

Windbg does have some very good features, both for reversers and programmers - notably crash dump files and the logger.
Personally I think it has a steaper learning curve than say Ollydbg.

Regards
NTFreak

windbg (or kd--console version) is pretty good imo, especially if you use livekd. The notable advantage is wndbg's native support of M$ symbols, therefore making it so much easier for kernel debugging. kd has some really good commands that makes it very easy to explore windows internals, data structures, functions, exports, etc. And they are free!

If you cannot afford softice, livekd+wndbg is the way to go for kernel level debugging. for ring3 debugging, olly is very good.

general speeking...
windbg is a weight-level tools,howbeit softice light-level..
all i say here suited for souce code debug,not disassemble.

1.load times
when use symbols,windbg spilt every file into single .pdb file
but sice pack all file into one .sym file.
so,,when u debug a large project,sice will spend many time to load symbles file(in our project,it's 5 mins.)

2.c/s debug
c/s debug is used in many kernel debug,(via COM1 or 1394)
when remote debugger is enabled,sice is very fast than windbg.
becauze windbg will spend time to detect symbols file and more work,
which can be saw in win2k leaked code dir,\private\windbg64\...

3.expand funcs
we can easy expand windbg funcs by design some plug-in tools,
but iceext is only chocie of u.

so,my advice...
when debugged in small project,sice is first choice.